The Securities Commission Malaysia (SC) has implemented revised Guidelines on Technology Risk Management (Guidelines) that came into effect today. These new Guidelines replace the previous Guidelines on Management of Cyber Risk (GMCR), expanding the scope beyond cybersecurity to encompass a broader range of technology risks.
The revised Guidelines, originally introduced in August 2023, are designed to help capital market entities understand and manage various technology risks. Emphasizing the need for operational reliability, security, and resilience against technology disruptions, the Guidelines outline the SC’s expectations for risk management practices within the industry.
Key areas addressed in the Guidelines include the ‘change management’ process, oversight of third-party service providers, reporting requirements, technology audits, and board accountability in managing technology risks. These measures aim to protect the industry from technology-related incidents and ensure a secure and resilient technological environment.
The recent CrowdStrike outage has underscored the vulnerability of digital infrastructure and the significant impact such incidents can have on organizations. This incident highlights the necessity for capital market entities to adhere to the Guidelines, not only to mitigate immediate technology risks but also to contribute to the development of a secure and ethical technological landscape for the future.
In line with the revised Guidelines, the SC has updated various related guidelines and published a new list of Frequently Asked Questions (FAQs) to provide further clarity for capital market entities.
This initiative is part of the SC’s ongoing efforts to enhance the strength and integrity of Malaysia’s capital market while boosting investor confidence.
